The present invention relates to a possibility of pseudonymized authentication of a user entity.
In many areas of application, authentication of users is necessitated for controlling access to services and resources and for verifying, if necessitated, the authenticity of information provided by the users. Here, typically, frequently methods for “authentication by identification” are used. The same verify, after completed registration (where the real identity is verified more or less thoroughly and concatenated to a log-on name), the identity of the user via log-on. The same allow, via the usage of cryptographic standard methods, in particular digital signatures, also an authentication of information.
However, it is a central problem of these methods that generally the log-on and usage data allow repeated conclusions to the real identity of the users. As spectacular cases of the recent past have shown again and again, this case can occur not only on purpose, but also by stealing information. Since the amount and importance of log-on, user and usage data continue to increase and collection of information covers more and more sensitive areas, the cases of unauthorized usage and criminal stealing of such information are increasing. Thus, increasingly, technical methods are in demand that allow a verifiable protection of this sensitive information, i.e. methods that do not allow conclusions to the real identities, even in the case of a situation of interest for the other protagonists in the respective systems that is disadvantageous for the user.
Such methods for anonymization already exist in many different forms and variations, e.g. in the form of so-called methods for “authentication without identification” (cf. Lysyanskaya, [Lys07]). However, the same have a decisive disadvantage: they prevent not only conclusions to the real identity, but also to the differentiation of users. The same is, however, indispensable for many cases of application, among others for data mining, collaborative filtering, voting methods and many other applications.
A differentiation and authentication of users and the data generated by them with simultaneous protection of privacy would be desirable, even when other protagonists have an interest in misusing user data. This would be of particular interest for two areas of application: on the one hand for such areas of application where, due to the above-described problems, the ability to authenticate (i.e. the reliability) of information is given up in favor of data protection, for example in data mining, where context information is differentiated only indirectly between users. In these cases, by an option for pseudonymous identification, the reliability of the data could be improved (and also data protection, since privacy is frequently only insufficiently protected). On the other hand, for areas of application where data protection in the above-stated sense is abandoned or has to be abandoned due to the above-described problems, since authentication is absolutely essential. In these cases, by means of pseudonymous identification, the requirements could be obtained, while data protection is granted simultaneously and verifiably. This can be useful for increasing the desirability of applications for users, or can simply be necessitated for meeting legal requirements.
Thus, in the above sense, the following three aims are desirable:                1. Authentication of users (and, if needed, the data generated by them),        2. Possibility of reliably differentiating between user (and, if needed, the data generated by them), for example for personalization purposes, data mining, voting, allocation of users to groups, target-oriented authorization of the access to services and resources, etc.        3. Protection of privacy (also when assuming that data can “go missing” with system protagonists intentionally or unintentionally and can hence be combined and misused by an interested party) in the sense of preventing conclusions to the real identity of a user.        
With current methods, these aims cannot be reached simultaneously:                With common user authentication methods based on “authentication by identification”, points (1) and (2) can be fulfilled. However, here there are significant problems or risks in the field of data protection, since the real identities of users can be determined: either directly or—in the case of organizational protection measures—in the very realistic case of data theft by third parties or the sale of data by system protagonists.        On the other hand, methods allowing a completely anonymous user authentication exist (cf. ZK methods) and hence fulfill (1) and (3) which, however, no longer allow a differentiation between users and are therefore not useful for many cases of application.        Finally, for the stated cases of application (e.g. data mining) there are again methods allowing differentiation between users via “auxiliary constructions” and context information (e.g. IP addresses), thereby protecting privacy more or less satisfactorily, i.e. fulfilling (2) and (3)—although frequently only in a limited manner—which, however, do not allow authentication of users and their data and are thus not useful for certain cases of application or only in a limited manner.        
In contrast to this, it is the target of the described method to fulfill the stated targets simultaneously. In this way, the following compelling requirements are formulated for further illustration:    a) Authentication: A service can verify during log-on whether the user is the one he is pretending to be (and has provided proof of identification in advance).    b) Privacy protection: No system protagonist except the user, in particular not the service the user logs on to, can draw conclusions to the real identity of the user.    c) Pseudonymization: During log-on, the user can be allocated a unique pseudonym (ID) which can be used for differentiating between users and for authorizing specific actions. It should not be possible for anybody apart from the user (see above) to establish a connection between the real identity and the pseudonym.
Apart from that, it is basically useful when the method addresses the following optional requirements:    d) Reuse of existing standard methods for authentication, e.g. qualified certificates.    e) Reusability of authorization information: A single registration should enable log-on to several different services.
In other words, a method for generating and using unique pseudonyms for authentication purposes would be desirable, which, on the one hand, is bound in a verifiable manner to real identities (of users, devices or software) and, on the other hand, allows no subsequent conclusions to the real identities.